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The  Internet’s  continuing  growth,  stability,  and  security  are  vital  to  the  DoD’s  mission.  While  the  DoD  no  longer  controls 
Internet  decision  making,  its  unique  perspective  deriving  from  its  multiple  roles  as  Internet  user,  operator,  and  research 
center  is  important  to  the  development  and  protection  of  U.S.  national  interests.  It  should  make  a  commitment  to  partic¬ 
ipate  directly  in  international  Internet  decision-makingforums,  as  well  as  actively  develop  policy  as  part  of  the  U.S.  inter¬ 
agency  process. 


The  Internet  is  essential.  It  is  a  vital 
underpinning  of  the  civilian  econo¬ 
my,  and  its  security  and  stability  has 
become  a  matter  of  national  security.  In 
a  converged  world,  it  will  become  not 
just  the  means  for  transmitting  data,  but 
also  video  and  voice.  It  is,  therefore, 
critical  to  ensure  its  continued  growth, 
internal  security,  and  stability. 

So  how  do  we  guarantee  that  growth, 
security,  and  stability?  What  might 
impact  those  issues?  Who  gets  to  make 
those  decisions? 

The  USG,  through  the  DoD,  created 
the  Internet,  but  what  it  created  has 
grown  in  ways  totally  unforeseen  just 
10-15  years  ago.  The  DoD’s  oversight  of 
the  initial  development  of  the  Internet 
has  been  replaced  by  a  web  of  collective 
decision-making  bodies  that  it  no  longer 
controls.  The  issue  now  has  become 
should  the  DoD  continue  to  try  to 
influence  the  development  of  the 
Internet  and,  if  so,  how  should  it  pro¬ 
ceed?  That  is,  should  the  DoD  take  an 
active  role  in  the  process  and,  if  it 
should,  will  that  role  be  confined  to 
internal  USG  deliberations  or  will  it 
include  direct  participation  in  the  many 
forums  where  key  decisions  about  the 
Internet  are  made? 

The  rest  of  this  article  answers  that 
question  as  follows:  the  DoD  finds  itself 
in  a  unique  position  to  play  a  positive 
role.  It  is  a  major  user  of  the  Internet, 
but  it  is  also  a  large  Internet  service 
provider  and  an  operator  of  two  of  the 
13  root  zone  servers  that  provide  the 
basic  information  for  locating  Internet 
addresses.  The  DoD  is  also  a  repository 
of  vast  technical  expertise  about  the 
Internet  and  a  significant  source  of 
research  funds.  Taken  together,  those 
multiple  roles  give  the  DoD  a  unique 
view  of  the  Internet  and  a  distinct  abili¬ 
ty  to  positively  influence  its  evolution  in 
ways  not  easily  matched  by  other  USG 
departments  or  the  private  sector. 

Those  perspectives  —  individually 
and  in  combination  —  are  critical  for  the 


DoD  to  carry  out  its  larger  mission: 
assuring  the  security  and  stability  of  the 
Internet  as  part  of  its  defense  of  U.S. 
national  security.  The  DoD’s  strategy 
should  be  twofold.  It  must  (1)  monitor 
and  influence  current  technical  and 
political  developments  that  could 
impact  the  security  and  stability  of 
Internet  operations;  and  (2)  envision  the 
Internet  10  or  15  years  into  the  future, 
define  the  role  it  will  play  in  contribut¬ 
ing  to  the  defense  of  the  nation,  and 
take  the  steps  required  to  achieve  that 
vision,  much  as  the  defense  community 
has  done  with  the  current  Internet. 

However,  the  DoD’s  distinct  vision 
does  not  mean  that  it  can  afford  to  act 
alone.  In  order  to  make  the  DoD’s  par¬ 
ticipation  effective,  there  will  have  to  be 
a  coordinated  strategy  among  the  DoD’s 
components,  as  well  as  collaboration 
with  the  rest  of  the  USG  and  the  U.S. 
private  sector.  That  collaboration  is  not 
driven  merely  by  the  desire  to  speak 
with  one  voice.  Rather,  it  is  compelled 
by  the  unique  set  of  problems  and 
unique  ways  of  solving  them  that  distin¬ 
guish  the  Internet  and  its  governance 
processes. 

Collective  decision-making  about  the 
Internet  is  disbursed  among  various 
organizations  and,  in  most  of  them, 
governments  have  no  special  role.  They 
stand  on  equal  footing  with  the  private 
sector,  academia  and  civil  society  in 
devising  standards  and  making  other  rel¬ 
evant  decisions.  It  is  a  megacommunitf  of 
extraordinary  scope  with  vast  and  com¬ 
plicated  interests  and  connections. 

Moreover,  the  decision  makers  must 
constantly  struggle  to  preserve  the 
Internet’s  grassroots  innovation  and 
growth  while  recognizing  the  impor¬ 
tance  of  stability  and  security.  The  cre¬ 
ativity  that  has  made  the  Internet  so 
valuable  cannot  be  squelched  if  the 
Internet  is  to  remain  a  dynamic  and 
adaptive  medium.  Continuing  to  achieve 
that  balance  of  innovation  and  stability 
requires  a  combination  of  technological 


expertise,  political  sophistication,  and  a 
commitment  to  innovation  and  change 
that  few  individuals,  let  alone  agencies, 
possess.  It  is  the  combination  of  per¬ 
spectives  from  within  and  outside  of 
government  that,  if  successfully  execut¬ 
ed,  gives  the  USG  both  compelling 
influence  and  a  powerful  vision. 

The  Questions 

The  following  questions  are  integral  to 
an  Internet  Governance  and  Security 
Strategy  for  the  defense  community: 

•  What  should  the  Internet  look  like  in 
10  or  20  years  to  ensure  it  remains  a 
secure  link  to  our  allies,  the  defense 
community  global  supply  chain,  and 
the  civilian  infrastructure  on  which 
the  USG  depends? 

•  What  should  the  Internet  look  like  in 
10  or  20  years  to  maximize  its  ability 
to  support  other  USG  interests? 

•  What  steps  should  the  national  secu¬ 
rity  community  take  today  to  ensure 
that  the  security  and  stability  of  the 
Internet’s  infrastructure  are  protect¬ 
ed  to  support  future  operations? 
From  a  policy  standpoint  (i.e.,  glob¬ 
al,  national,  DoD)?  From  an  invest¬ 
ment  standpoint  (e.g.,  resourcing, 
research  and  development)?  From  a 
cultural  standpoint  (e.g.,  training, 
education)?  From  a  tactical  stand¬ 
point  (e.g.,  standards,  operations, 
acquisitions)? 

The  Trends 

One  can  likely  come  up  with  a  variety  of 
ways  of  categorizing  the  various  chal¬ 
lenges  for  the  Internet.  The  following 
are  three  that  are  seen  as  summarizing 
the  diverse  problems: 

1.  The  rapid  growth  of  Internet  services 
and,  therefore,  Internet  traffic 
because  of  the  increasingly  essential 
character  of  the  Internet  for  nation¬ 
al  and  international  economies  (all  of 
which  makes  the  Internet  not  just  a 
bigger  target,  but  also  a  more  invit¬ 
ing  one,  as  well). 
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2.  The  growing  sophistication  of  those 
who  want  to  destroy  the  Internet’s 
stability  and  security ,  whether  for  rea¬ 
sons  of  cyber-war,  crime,  or  simple 
malicious  one-upmanship. 

3.  The  increasing  demands  placed  on 
those  organisations  that  make  deci¬ 
sions  related  to  standards  and  prac¬ 
tices  governing  the  Internet. 

Growth 

First,  with  regard  to  growth,  the  trends 

are  overwhelming: 

•  Everything  will  be  over  Internet 
Protocol  (IP)  (Voice  over  IP  [VoIP], 
video,  streaming  video,  collaboration, 
data),  which  means  systems  will  bear 
vastly  greater  amounts  of  traffic. 

•  Everything  will  be  addressable  via  IP 
addresses  (sensors,  mission-critical 
systems,  individuals,  etc.). 

•  There  will  be  vast  numbers  of  new 
uses  which  will  have  implications  on 
the  volume  of  traffic  and  privacy  of 
data,  among  other  things. 

•  The  Internet  will  be  more  intelligent 
and  interactive. 

That  growth  suggests  a  responsive 

agenda  that  should  address  the  follow¬ 
ing  areas: 

1.  Scale/Ubiquity.  The  more  Internet 
traffic,  the  greater  the  threat  of  con¬ 
gestion  and  packet  loss.  The  greater 
the  congestion,  the  greater  the  inter¬ 
ference  with  VoIP  and  video.  Unlike 
data  where  we  have  learned  to  toler¬ 
ate  the  time  it  sometimes  takes  for 
things  to  appear  on  computer 
screens  (as  we  expectantly  peer  at 
our  monitors),  video  and  VoIP  trans¬ 
missions  cannot  be  delayed  or  dis¬ 
rupted  without  substantially  degrad¬ 
ing  service  (which  is  referred  to  as 
the  problem  of  latency).  There  are 
also  questions  of  whether  computa¬ 
tional  capacity  on  root  zone  servers 
can  meet  demand,  and  whether  the 
constant  updating  of  routing  tables 
will  strain  the  routers’  computational 
ability.  The  routing  schemes  will 
need  to  account  for  more  routers 
and  links,  and  quality  of  service  (a 
term  related  to  the  issue  of  net  neu¬ 
trality,  discussed  in  the  third  area. 
Quality  of  Service)  will  complicate 
their  work.  Modifications  to  the  cur¬ 
rent  global  routing  scheme  will  be 
required  to  support  controlled  peer¬ 
ing  among  networks,  and  routing 
protocols  will  need  a  complete  sys¬ 
tem  view  of  options  (rather  than  a 
partial  view  focused  on  the  next 
jump).  There  is  also  the  question  of 
whether  increasing  capacity  require¬ 


ments  will  be  met  with  current  tech¬ 
nologies. 

2.  Resiliency.  Ubiquitous  VoIP  and 
similar  high  bandwidth,  low  latency 
applications,  as  well  as  increasing 
dependence  on  the  Internet  for  mis¬ 
sion-critical  operations,  require  a 
more  reliable  and  robust  system.  In 
the  face  of  major  man-made  or  nat¬ 
ural  disasters  or  deliberate  attacks  on 
the  system,  will  there  be  enough 
robustness,  redundancy,  and  accurate 
routing  and  address  information  to 
assure  continued  connectivity  and 
speed?  In  addition,  exchange  point 
technology  needs  to  be  improved 
and  there  are  robustness  issues  at 

...  some  commercial 
users  are  worried  about 
possible  abuse  of  priority 
schemes  by  service 
providers  to  discriminate 
in  favor  of  some  content 
or  services  over  others  ... 
The  White  House  has 
stated  that  it  sees  no 
reason  for  net  neutrality 
legislation;  that  the 
market  will  work 
itself  out. 


major  interconnection  points  includ¬ 
ing,  among  other  things,  a  lack  of 
redundancy. 

3.  Quality  of  Service  -  Net  Neutral¬ 
ity  and  Priority  of  Service.  On  tra¬ 
ditional  telephone  networks,  carriers 
have  evolved  protocols  for  priority 
communications,  a  particularly  impor¬ 
tant  issue  for  national  security  and  law 
enforcement.  Thus  far,  the  Internet 
has  worked  on  a  best  efforts  basis 
where  all  traffic  is  essentially  treated 
the  same.  With  more  traffic  and 
potential  limits  on  capacity,  it  is 
important  to  ensure  similar  priority 
schemes.  However,  some  commer¬ 
cial  users  are  worried  about  possible 
abuse  of  priority  schemes  by  service 


providers  to  discriminate  in  favor  of 
some  content  or  services  over  oth¬ 
ers.  They  have  proposed  net  neutral¬ 
ity  laws  that  could  interfere  with  the 
ability  to  prioritize  communications 
for  national  security/ emergency  pre¬ 
paredness  purposes.  The  White 
House  has  stated  that  it  sees  no  rea¬ 
son  for  net  neutrality  legislation;  that 
the  market  will  work  itself  out  [1] . 
The  Federal  Communications  Com¬ 
mission  (FCC)  is  currently  reviewing 
net  neutrality  through  a  notice  of 
inquiry2,  and  holding  hearings  on  the 
issue  in  light  of  evidence  that  carri¬ 
ers  may  have  been  violating  net  neu¬ 
trality  principles. 

4.  IPv6  Deployment.  As  a  result  of 
the  growth  of  the  Internet,  the 
addressing  system  must  be  expand¬ 
ed.  IPv6  is  a  new  addressing  system 
that  allows  for  billions  more  poten¬ 
tial  addresses  than  the  current  sys¬ 
tem,  IPv4.  Both  the  USG  and  private 
industry  must  be  prepared  for  the 
transition  to  ensure  that  it  occurs 
smoothly  and  that  all  IP  addresses 
remain  reachable.  Because  of  the  rel¬ 
atively  large  number  of  addresses 
that  remain  available  in  the  U.S., 
there  has  thus  far  been  little  interest 
here  in  undertaking  the  necessary 
investment,  even  though  the  Office 
of  Management  and  Budget  has 
directed  all  USG  agencies  to  com¬ 
plete  the  transition  by  June  20083. 
While  the  DoD  has  moved  forward, 
many  U.S.  agencies  have  not. 
However,  the  rest  of  the  world  is 
likely  to  want  to  push  forward  in  the 
near  future.  At  that  point,  the  U.S. 
may  have  no  choice;  however,  timely 
addressing  of  the  transition  is  the 
best  way  to  avoid  a  crisis. 

5.  Alternative  Technologies.  The 
National  Academy  of  Sciences  has 
noted  that  Internet  research  at  this 
point  is  heavily  incremental  in 
nature,  focusing  on  marginal 
improvements  to  the  current  struc¬ 
ture.4  There  is  little  money  or  effort 
devoted  to  changing  the  fundamen¬ 
tals  of  the  Internet.  Regardless,  there 
is  always  the  possibility  that  some 
alternative  technology  will  come 
along  that  will  make  the  Internet 
outmoded  in  the  same  way  the 
Internet  has  begun  to  make  the 
Public  Switched  Telephone  Network 
(PSTN)  virtually  obsolete.  If  funded, 
the  National  Science  Foundation 
Global  Environment  for  Network 
Innovations  project5,  with  which  the 
DoD  (principally  through  the 
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Defense  Advanced  Research 
Projects  Agency  [DARPA])  collabo¬ 
rates,  will  investigate  new  core  func¬ 
tionality,  new  architectures  and  new 
network  architecture  theories,  and 
build  higher-level  service  abstrac¬ 
tions. 

6.  Web  2.0.  Some  issues  of  growth 
relate  to  the  evolution  of  Internet 
applications.  The  increasing  sophisti¬ 
cation  of  highly  interactive  Internet 
applications,  often  collectively 
referred  to  as  Web  2.0,  provide  users 
with  an  expanding  range  of  capabili¬ 
ties.6  The  DoD  can  and  does  use 
them,  but  the  value  to  the  DoD  is 
nowhere  as  significant  as  the  capabil¬ 
ity  they  afford  non-nation  state 
actors  —  such  as  terrorists  —  to  use 
new  and  innovative  ways  to  train  ter¬ 
rorists  (e.g.,  avatars),  share  informa¬ 
tion,  recruit  followers,  and  otherwise 
enhance  their  ability  to  conduct 
asymmetric  warfare. 

For  all  these  issues,  the  DoD’s  per¬ 
spective  is  extraordinary.  It  is  the  user 
who  has  a  direct  interest  in  all  these 
problems,  but  it  is  far  more  than  that. 
For  example,  it  is  an  Internet  service 
provider  that  has  to  adopt  IPv6,  and  it  is 
a  research  funding  source  that  can  influ¬ 
ence  long-term  events.  If  all  parts  of  the 
DoD  are  talking  to  one  another,  then  it 
is  a  feedback  loop  unparalleled  in  the 
Internet  world. 

Stability  and  Security 

If  growth  is  deemed  a  good  trend,  then 
the  second  trend,  the  increasing  sophis¬ 
tication  of  hackers,  criminals,  and  state- 
sponsored  cyber-warriors  clearly  repre¬ 
sents  the  bad  side  of  the  following  equa¬ 
tion: 

•  Identity  theft,  fraud,  unwanted  e- 
mail,  and  other  Internet  abuses  con¬ 
tinue  to  grow. 

•  Because  the  Internet  can  originate 
virtually  anywhere  and  can  easily 
penetrate  a  national  boundary,  cyber¬ 
crime  is  both  everywhere  and 
nowhere  all  at  the  same  time. 

•  Cyber-attackers  have  learned  to 
manipulate  hundreds,  sometimes 
thousands,  of  computers  to  conduct 
coordinated  attacks  on  a  computer 
system  (called  botnets).  These  botnets 
have  significantly  facilitated  large, 
broad-scale  attacks  on  computer  net¬ 
works  called  distributed  denial  of 
service  attacks  (DDOS). 

•  In  2007,  a  large-scale  attack  on 
Estonia  demonstrated  the  ability  of 
sophisticated  parties  to  disrupt  large 
parts  of  a  national  economy  through 


the  use  of  DDOS.7 

•  The  international  world  has  been 
unable  to  agree  on  what  cyber- crime 
is  or  how  to  deal  with  those  who 
commit  it.  The  Internet  Cyber- 
Crime  Convention  has  been  signed 
by  only  43  countries,  including  the 
United  States.  Russia,  China,  North 
Korea,  and  many  others  have  not 
signed. 

There  are  many  possible  responses 
to  these  problems,  but  the  following  are 
clear  priorities: 

1.  DDOS.  DDOS  attacks  are  increas¬ 
ingly  being  used  to  conduct  attacks 
against  key  Internet  assets  including 
the  Internet’s  root  zone  servers. 

The  BGP  is  used  to 
perform  inter-domain 
routing  on  the  Internet 
and  is  vulnerable  to 
spoofing  and 
misconfiguration,  which 
can  lead  to  the 
misrouting  of 
Internet  traffic. 

These  DDOS  attacks  attempt  to 
overwhelm  servers  with  vast  num¬ 
bers  of  messages.  The  use  of  bot¬ 
nets  has  increased  the  effectiveness 
of  DDOS  attacks.  The  last  major 
attack  in  the  U.S.  occurred  on 
February  6,  2007.  Its  impact  was 
heavily  mitigated  by  the  use  of  any- 
cast  technology,  which,  by  duplicat¬ 
ing  root  zone  data  bases  on  multiple 
servers  around  the  world,  allowed 
traffic  to  be  re-directed  around  the 
victimized  servers.  However,  the 
attackers  are  also  growing  more 
sophisticated,  and  the  need  for  ever¬ 
more  elaborate  defense  continues  to 
grow.  Mitigation  approaches  include 
bandwidth  upgrades,  ingress  and 
egress  filtering,  and  mandatory  hard¬ 
ware  configuration  to  eliminate  the 
possibility  that  computers  could  be 
taken  over  by  unauthorized  users. 
One  sign  of  the  seriousness  of  the 
problem  is  that  Internet  service 
providers  are  considering  the  cost 
effectiveness  of  accepting  only  traf¬ 


fic  from  known  entities.  However, 
this  approach  could  block  access  to 
online  sites  and  eliminate  the  end-to- 
end  nature  of  the  Internet. 
Government  and  private  industry 
will  need  to  continue  to  work  closely 
to  address  this  issue  from  both  a  pol¬ 
icy  and  operational  perspective. 

2.  Defining  Cyber-War  and  Cyber- 
Conflict.  The  Estonia  situation 
showed  the  difficulties  present  in 
defining  cyber-conflict.  Although  a 
nation-state  was  suspected  of  caus¬ 
ing  the  DDOS  attacks  against 
Estonia’s  key  Web  resources,  it  was 
difficult  to  trace  ultimate  culpability. 
In  addition,  there  was  a  question  of 
whether  this  type  of  denial  of  ser¬ 
vice  would  be  considered  a  cyber¬ 
incident  of  national  significance 
considering  the  fact  that  it  caused 
more  annoyance  than  actual  harm. 
Although  the  Estonia  situation 
seemed  to  bring  attention  to  the  fact 
that  nation-state  strategic  cyber 
activity  might  be  on  the  rise,  it  equal¬ 
ly  brought  light  to  the  fact  that  cyber 
rules  of  engagement  have  yet  to  be 
defined.  Much  work  will  have  to  be 
done  in  the  next  decade  defining 
international  law  and  norms  of 
behavior,  by  treaty  or  other  means, 
to  ensure  that  the  Internet  will  sur¬ 
vive  in  light  of  a  rise  in  nation-state 
cyber  conflict. 

3.  Authentication  (Public  Key  Infra¬ 
structure/Domain  Name  System 
[DNS]  Security  Extension  [DNSSEC] 
Deployment).  To  ensure  secure  and 
stable  Internet  communications,  it  is 
essential  that  Internet  users  have 
confidence  that  they  are  communi¬ 
cating  with  the  parties  with  whom 
they  intend.  For  the  Internet  to  com¬ 
plete  its  evolution  into  the  key  plat¬ 
form  for  all  types  of  communica¬ 
tions,  there  must  be  confidence  that 
the  global  network  infrastructure  is 
secure  and  reliable.  Users  must  con¬ 
tinue  to  be  able  to  trust  that  they  are 
communicating  with  the  people  they 
intend  to  communicate  with,  that 
they  are  doing  so  in  a  timely  fashion, 
and  that  the  data,  video,  or  voice 
calls  they  are  sending  or  receiving 
remain  confidential  and  their  integri¬ 
ty  is  protected. 

An  essential  element  in  assuring 
this  security  is  that  domain  names 
have  a  trustworthy  mapping  to  IP 
addresses  and  are  not  tampered  with 
or  disrupted.  DNSSEC  authenticates 
communications  through  the  use  of 
public  beys  bound  to  a  unique  user  to 
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ensure  that  IP  addressing  is  authen- 
tic  and  accurate.  It  should  be  inte¬ 
grated  into  the  Internet  to  provide 
for  assured  distribution  of  IP 
addresses  and  autonomous  system 
numbers.  DNSSEC  would  validate 
DNS  addresses  and  deter  spoofing 
of  Web  sites  (thereby  allowing  com¬ 
munications  to  be  misdirected)  and 
other  Internet  services.  Signing  the 
Internet’s  root  zone  files  (the 
Internet  Assigned  Numbers 
Authority  [IANA]  root)  and  the 
roots  for  the  Top  Level  Domains 
(TLDs)  would  also  improve  Internet 
integrity. 

4.  Routing  Security  (Border  Gate¬ 
way  Protocol  [BGP];  Router 
Upgrades).  As  noted  in  the  discus¬ 
sion  of  Internet  growth,  the  increase 
in  Internet  traffic  raises  questions  of 
whether  computational  capacity  on 
root  zone  servers  can  meet  demand, 
and  whether  the  constant  updating  of 
routing  tables  will  strain  the  routers’ 
computational  ability1.  The  BGP  is 
used  to  perform  interdomain  routing 
on  the  Internet  and  is  vulnerable  to 
spoofing  and  misconfiguration, 
which  can  lead  to  the  misrouting  of 
Internet  traffic.  While  technologies 
to  increase  BGP  security,  such  as 
Secure  BGP  and  Secure  Origin  BGP, 
exist  to  protect  against  BGP  vulnera¬ 
bilities,  they  are  expensive,  require 
widespread  implementation,  and 
have  not  been  widely  adopted  by  the 
community.  Ultimately,  operators  will 
have  to  step  up  to  the  cost  or  figure 
out  an  alternative  that  eliminates  the 
problem. 

5.  Out-of-Band  Control  Space  for 
the  Internet.  The  PSTN  relies  on  a 
parallel,  out-of-band  network  (the 
SS7  network),  to  separate  telecom¬ 
munications  content  from  opera¬ 
tional  control  messages.  This  paral¬ 
lel,  out-of-band  management  ap¬ 
proach  vasdy  increases  the  security 
and  reliability  of  the  PSTN  network. 
Current  Internet  architecture  does 
not  permit  out-of-band  management 
of  the  Internet  control  space  where 
both  communications  content  and 
message  control  information  are 
sent  over  the  same  network  at  the 
same  time.  This  subjects  Internet 
traffic  flow  to  the  risk  of  tampering 
and  corruption.  An  out-of-band 
control  space  for  the  Internet  could 
greatly  improve  the  ability  to  isolate 
network  management  data  and 
increase  reliability. 

Each  of  these  issues  has  already 


drawn  USG  attention.  USG  reliance  on 
the  Internet,  or  on  other  agencies  and 
businesses  that  rely  upon  the  Internet, 
make  the  Internet  a  target  for  any  oppo¬ 
nent.  The  fact  that  a  few  highly  qualified 
individuals  can  create  significant  trouble 
in  this  environment  merely  underscores 
the  attractiveness  of  targeting  the 
Internet  as  a  tool  of  asymmetric  warfare 
in  which  terrorists  as  well  as  nation 
states  can  engage. 

Organizations 

The  third  trend,  changes  in  how  the 
Internet  is  governed,  simply  complicates 
how  to  deal  with  the  first  two  trends. 

•  The  U.S.  has  had  considerable  influ¬ 
ence  over  how  the  Internet  has  been 
governed,  but  that  influence  is  now 

IANA  would  be  the 
logical  holder  of  the 
public  part  of  the  signed 
root  key,  but  its 
connection  with  the  USG 
raises  serious  objections 
in  some  quarters  from 
those  who  claim  to  fear 
that  the  USG  could  use 
its  influence  to  disrupt 
traffic  to  and  from 
countries  it  opposes. 

likely  to  wane  for  several  reasons. 
First,  as  the  Internet  becomes  more 
embedded  around  the  world,  the  tech¬ 
nical  expertise  that  once  resided  large¬ 
ly,  if  not  exclusively,  in  the  United 
States  is  becoming  dispersed.  Second, 
the  creators  of  the  Internet,  many  of 
whom  were  once  employed  by  the 
USG  and  who,  through  its  prestige, 
history,  and  expertise  continue  to  have 
considerable  influence  in  the  various 
governance  forums,  are  now  retiring. 
Third,  virtually?  all  governments  now 
recognize  the  importance  of  the 
Internet  for  economic  reasons,  and 
there  is  universal  appreciation  of  the 
Internet’s  capability  to  enhance  free 
speech  -  a  positive  value  to  many 


nations  but  a  threat  to  others.  For  one 
reason  or  another  (or  both),  some 
governments  now  want  to  control 
Internet  decision-making.  They  seek 
to  displace  the  private  sector,  which 
has  largely  had  control  over  key 
Internet-related  decisions  for  the  past 
two  decades  as  a  result  of  U.S.  policy 
in  favor  of  such  control.  Similarly, 
some  want  to  displace  the  role  of  the 
United  States,  which  maintains  some 
limited  control  by  its  agreements  with 
the  Internet  Corporation  for  Assigned 
Names  and  Numbers  (ICANN)  and 
the  IANA,  both  of  which  play  a  role 
in  the  domain  name  system  that 
assigns  Internet  addresses  and  autho¬ 
rizes  TLDs  (such  as  .com). 

•  The  American  private  sector,  on 
which  the  USG  has  relied  to  repre¬ 
sent  its  interests  because  of  their 
close  alignment  on  most  significant 
Internet  policy  questions,  is  growing 
increasingly  globalized.  The  close 
working  relationship  may  not  be  sus¬ 
tainable  in  that  environment. 

The  responses  to  these  challenges 

are  both  short-  and  long-term: 

1.  Resolving  the  Status  of  ICANN. 
The  USG,  through  the  Department 
of  Commerce  (DoC),  created 
ICANN  in  1998  and  contracted 
with  it  to  operate  IANA,  which  per¬ 
forms  vital  IP  addressing  functions, 
including  maintaining  the  domain 
addresses  on  the  Internet’s  13  root 
zone  servers  (and  more  than  100 
anycast  clones).  Since  then,  the  DoC 
has  maintained  a  Memorandum  of 
Understanding  (now  a  Joint  Project 
Agreement  [JPA])  with  ICANN,  the 
purpose  of  which  is  to  ensure  that 
ICANN  would  become  sufficiently 
democratic,  transparent,  account¬ 
able,  and  efficient  so  that  it  could  be 
allowed  to  fully  privatize.  The  cur¬ 
rent  JPA  ends  in  2009,  and  the  DoC 
has  received  comments  in  response 
to  a  Notice  of  Inquiry  as  a  mid-term 
review  regarding  ICANN’s  status  in 
becoming  secure  and  stable  organi¬ 
zation.8  The  problem  is  complex: 
not  only  is  there  the  issue  of 
whether  ICANN  has  met  its  goals, 
but  also  there  is  the  problem  of 
whether  a  fully?  privatized  structure 
can  be  guaranteed  protection  from 
other  governments’  attempts  to 
exercise  unwanted  influence  over  its 
operations.  Although  there  is  no 
equivalent  issue  with  regard  to 
IANA,  with  which  the  USG  has  not 
promised  to  eventually?  terminate  its 
contract,  other  governments  contin- 
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ue  to  press  for  a  change  in  IANA’s 
status.  The  dispute  has  other  ramifi¬ 
cations.  IANA  would  be  the  logical 
holder  of  the  public  part  of  the 
signed  root  key,  but  its  connection 
with  the  USG  raises  serious  objec¬ 
tions  in  some  quarters  from  those 
who  claim  to  fear  that  the  USG 
could  use  its  influence  to  disrupt 
traffic  to  and  from  countries  it 
opposes. 

2.  Defining  the  Role  of  the  Interna¬ 
tional  Telecommunication  Union 

(ITU).  The  ITU  is  a  United  Nations- 
related  agency  that,  for  many  decades, 
has  been  the  principal  international 
forum  for  standards  related  to  tele¬ 
phone  service.9  It  is  also  the  only  sig¬ 
nificant  organization  related  to 
Internet  governance  where  govern¬ 
ments  are  the  sole  voting  parties.  The 
ITU  has  long  played  a  role  with 
regard  to  the  Internet.  Because  the 
Internet  is  carried  over  telephone  net¬ 
works,  standards  related  to  those  net¬ 
works’  involvement  in  the  Internet 
are  often  addressed  by  the  ITU. 
However,  some  governments  see  the 
ITU  as  a  way  to  extend  their  influence 
over  Internet  decision-making  and, 
therefore,  are  pressing  for  an  expan¬ 
sion  of  the  ITU’s  role  in  Internet- 
related  issues.  The  ITU’s  leadership 
seems  open  to  some  of  these  ideas. 
The  Secretary  General  of  the  ITU 
recently  told  a  gathering  in 
Washington,  D.C.,  that  he  would  con¬ 
sider  having  ICANN’s  government 
advisory  committee  become  a  func¬ 
tion  of  the  ITU.  Some  of  those  ques¬ 
tions  are  likely  to  be  addressed  during 
the  World  Telecommunications  Stan¬ 
dards  Assembly,  to  be  held  later  this 
year,  and  the  World  Telecommunica¬ 
tions  Policy  Forum  scheduled  for 
2009. 

3.  Artificial  Intelligence  as  a  Substi¬ 
tute  for  Organizational  Control. 

Those  who  control  the  technical 
hierarchies  and  centralized  nodes  of 
the  Internet  also  hold  greatest 
power  over  the  network  and,  ulti¬ 
mately,  its  users.  There  needs  to  be 
research  to  explore  the  possible 
reconfiguration  of  the  DNS  proto¬ 
cols  and  any  other  infrastructure 
tools  that  are  inherently  hierarchical 
or  centralized  in  nature  with  a  view 
toward  eliminating  as  many  techni¬ 
cal  points  as  possible  that  require 
human  decision-making.  Research 
should  also  be  conducted  to  deter¬ 
mine  whether  changes  in  protocols 
and  use  of  artificial  intelligence  at 


key  decision  points,  together  with 
increased  use  of  mirroring,  open 
architectures,  and  other  transparen¬ 
cies  would  enable  greater  overall 
system  adjustments  via  competitive 
market  forces  rather  than  through 
organizations,  such  as  ICANN, 
which  would  reduce  the  pressure  for 
increased  political  control. 

The  Way  Forward 

The  way  forward  must  focus  on 
research  and  representation.  There  are 
a  variety  of  defense  organizations  that 
fund  projects  that  address  the  evolu¬ 
tionary  aspects  of  Internet  R&D  or 
alternative  technologies,  including  the 
Army,  the  Naval  Research  Labs,  and 
DARPA.  DARPA  recently  released  a 
Request  for  Information  for  Assurable 
Global  Networking,  suggesting  a 
renewed  interest  from  DARPA  in  alter¬ 
nate  technologies.  Part  of  their  work 
involves  participating  in  the  White 
House’s  Office  of  Science  and 
Technology  Policy’s  Networking  and 
Information  Technology  Research  and 
Development  program,  which  is  the 
result  of  the  High-Performance 
Computing  Act  of  1991, 105  Stat.  1594, 
and  the  Next  Generation  Research  Act 
of  1998,  112  Stat.  219.10 

The  challenge  for  the  DoD  is  assur¬ 
ing  the  continued  coordination  of  all 
this  work  to  ensure  security  and  stabili¬ 
ty  within  the  fast-changing  Internet  and 
the  increasing  capabilities  of  those 
attacking  its  security  and  stability.  The 
needs  of  the  GIG  are  driving  some  of 
this  activity,  as  are  the  tactical  and 
strategic  concerns  surrounding  terrorist 
and  nation-state  use  of  the  Internet 
against  our  national  security  interests. 
The  National  Defense  University  will 
shortly  publish  an  extensive  report  on 
cyber  power  that  may  help  facilitate  the 
discussion,  but  developments  happen 
so  quickly  that  the  discussion  must  be 
constant  and  intense.  The  evolving 
recognition  of  the  significance  of  the 
challenge  and  its  broader  implications 
for  national  security  should  push  cur¬ 
rent  activity  to  an  even  higher  level. 

Similarly,  the  DoD  currently  partici¬ 
pates  in  some  organizations  that  are 
involved  in  Internet-related  decision¬ 
making.  As  the  operator  of  .mil,  the 
DoD  tracks  activity  in  the  American 
Registry  for  Internet  Numbers,  the 
Regional  Internet  Registry  for  North 
America,  and  parts  of  the  Caribbean. 
The  DoD  also  monitors  developments 
in  the  Internet  Engineering  Task  Force 
(IETF),  which  sets  standards  for  core 
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Internet  functions,  and  the  related 
Internet  society.  The  DoD  has  regular¬ 
ly  been  active  at  the  ITU,  although  with 
a  greater  focus  on  the  wireless  spec¬ 
trum  rather  than  the  Internet.  In  many 
cases,  the  DoD  has  only  had  the  ability 
to  monitor  developments,  and  not  to 
drive  activity  or  offer  leadership  in 
these  organizations  that  are  reputation- 
based  and  require  active  and  sustained 
participation. 

The  continuing  challenge  is  to  coor¬ 
dinate  all  of  these  activities  within  the 
DoD,  with  the  rest  of  the  USG,  and 
with  the  American  private  sector.  The 
ability  to  influence  cannot  rest  solely  on 
one’s  government  status.  Even  at  the 
ITU,  where  governments  control  the 
votes,  key  policy  decisions  about  tele¬ 
phone  networks  are  made  in  the  study 
groups  where  the  private  sector  domi¬ 
nates.  Influence  there  is  dependent  on 
constant  and  highly  competent  partici¬ 
pation  by  individuals.  The  same  is  true 
at  ICANN  and  the  IETE  Hence,  the 
DoD’s  ability  to  analyze  issues  based  on 
its  vast  technical  insights,  its  needs  as  a 
user,  and  its  status  as  an  Internet  ser¬ 
vice  provider  give  it  a  unique  ability  to 
work  in  these  environments.  Other 
agencies  have  important  roles  to  play, 
but  their  work  can  be  powerfully 
enhanced  by  committed  DoD 
support. ♦ 
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Acronym  Key  for  This  Issue 

AIS 

Assured  Information  Sharing 

C&A 

Certification  and  Accreditation 

CIO 

Chief  Information  Officer 

CNSS 

Committee  on  National  Security  Systems 

DASD(IIA) 

Deputy  Assistant  Secretary  of  Defense  for 
Information  and  Identity  Assurance 

DIACAP 

DoD  Information  Assurance  Certification  and 

Accreditation  Process 

DIAP 

Defense  Information  Assurance  Program 

DISA 

Defense  Information  Systems  Agency 

DNI 

Director  of  National  Intelligence 

DoD 

Department  of  Defense 

GIAP 

GIG  IA  Portfolio  (Management) 

GIG 

Global  Information  Grid 

IA 

Information  Assurance 

1C 

Intelligence  Community 

INFOSEC 

Information  Security 

IT 

Information  Technology 

Nil 

Networks  and  Information  Integration 

NSA 

National  Security  Agency 

NSS 

National  Security  Strategy 

R&D 

Research  and  Development 

SME 

Subject  Matter  Expert 

UCDMO 

Unified  Cross  Domain  Management  Office 

USG 

United  States  Government 

